From 95aa39fc572a3a6e1fb206cc7d86f4d054050679 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=B6khan=20Arkan?= Date: Wed, 13 May 2026 16:06:47 +0300 Subject: [PATCH 1/2] Annotate add_issue_comment as destructive Sets destructiveHint: true on the add_issue_comment tool annotations so the IFC client engine can apply egress policies before invocation. Refs github/copilot-mcp-core#1623. --- pkg/github/__toolsnaps__/add_issue_comment.snap | 1 + pkg/github/issues.go | 5 +++-- pkg/github/issues_test.go | 3 +++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/pkg/github/__toolsnaps__/add_issue_comment.snap b/pkg/github/__toolsnaps__/add_issue_comment.snap index d273a582d6..ea6f0f9b7d 100644 --- a/pkg/github/__toolsnaps__/add_issue_comment.snap +++ b/pkg/github/__toolsnaps__/add_issue_comment.snap @@ -1,5 +1,6 @@ { "annotations": { + "destructiveHint": true, "title": "Add comment to issue" }, "description": "Add a comment to a specific issue in a GitHub repository. Use this tool to add comments to pull requests as well (in this case pass pull request number as issue_number), but only if user is not asking specifically to add review comments.", diff --git a/pkg/github/issues.go b/pkg/github/issues.go index ab8611afb2..f7d5a58aba 100644 --- a/pkg/github/issues.go +++ b/pkg/github/issues.go @@ -640,8 +640,9 @@ func AddIssueComment(t translations.TranslationHelperFunc) inventory.ServerTool Name: "add_issue_comment", Description: t("TOOL_ADD_ISSUE_COMMENT_DESCRIPTION", "Add a comment to a specific issue in a GitHub repository. Use this tool to add comments to pull requests as well (in this case pass pull request number as issue_number), but only if user is not asking specifically to add review comments."), Annotations: &mcp.ToolAnnotations{ - Title: t("TOOL_ADD_ISSUE_COMMENT_USER_TITLE", "Add comment to issue"), - ReadOnlyHint: false, + Title: t("TOOL_ADD_ISSUE_COMMENT_USER_TITLE", "Add comment to issue"), + ReadOnlyHint: false, + DestructiveHint: jsonschema.Ptr(true), }, InputSchema: &jsonschema.Schema{ Type: "object", diff --git a/pkg/github/issues_test.go b/pkg/github/issues_test.go index ed92c49ab3..4b02fdf653 100644 --- a/pkg/github/issues_test.go +++ b/pkg/github/issues_test.go @@ -405,6 +405,9 @@ func Test_AddIssueComment(t *testing.T) { assert.Equal(t, "add_issue_comment", tool.Name) assert.NotEmpty(t, tool.Description) + require.NotNil(t, tool.Annotations.DestructiveHint) + assert.True(t, *tool.Annotations.DestructiveHint) + assert.Contains(t, tool.InputSchema.(*jsonschema.Schema).Properties, "owner") assert.Contains(t, tool.InputSchema.(*jsonschema.Schema).Properties, "repo") assert.Contains(t, tool.InputSchema.(*jsonschema.Schema).Properties, "issue_number") From 8b4012fa89b642423f7d6a9659c75235b6ecf2ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=B6khan=20Arkan?= Date: Wed, 13 May 2026 16:29:21 +0300 Subject: [PATCH 2/2] Add nil check for tool.Annotations in Test_AddIssueComment --- pkg/github/issues_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/github/issues_test.go b/pkg/github/issues_test.go index 4b02fdf653..dc164b100a 100644 --- a/pkg/github/issues_test.go +++ b/pkg/github/issues_test.go @@ -405,6 +405,7 @@ func Test_AddIssueComment(t *testing.T) { assert.Equal(t, "add_issue_comment", tool.Name) assert.NotEmpty(t, tool.Description) + require.NotNil(t, tool.Annotations) require.NotNil(t, tool.Annotations.DestructiveHint) assert.True(t, *tool.Annotations.DestructiveHint)